MeterSphere Logic Flaw in User Authentication Allowing Arbitrary User Login

Vulnerability

A logic flaw has been identified in MeterSphere, an open-source continuous testing platform, prior to version 2.10.25-lts. This vulnerability allows an unauthenticated attacker to log in as any user by exploiting a flaw that permits the retrieval of arbitrary user information. The issue arises from the application's trust in the authentication method specified by the user, which can be manipulated to bypass authentication checks. The vulnerability has been patched in version 2.10.25-lts.

Impact

Exploitation of this vulnerability allows for unauthorized access to user accounts, potentially leading to unauthorized actions within the application on behalf of the impersonated user.

Reproduction

To reproduce this vulnerability, send a POST request to the '/signin' endpoint with a username, a password set to false, and an authentication method of 'LDAP'. This request will bypass the normal authentication process and log in as the specified user.
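The flaw class described above, modelled in an added Python example that is not MeterSphere's code: a sign-in handler that dispatches on a client-supplied method and skips credential verification on one path, beside a hardened handler that decides the method server-side and fails closed on a missing or non-string password. The user store, the hashing, the request field names and the `SERVER_LDAP_ENABLED` setting are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed stand-in for a user store. A real deployment would store a slow
# password hash (bcrypt, Argon2); SHA-256 is used here only to keep the example short.
USERS = {"admin": {"source": "LOCAL", "pw_hash": hashlib.sha256(b"s3cret").hexdigest()}}
SERVER_LDAP_ENABLED = False  # assumed server-side setting, never read from the request


def local_password_ok(username, password):
    user = USERS.get(username)
    if user is None or not isinstance(password, str):
        return False  # a non-string value such as false can never match a stored hash
    candidate = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(user["pw_hash"], candidate)


def ldap_bind_ok(username, password):
    # Stand-in for a directory bind; no directory is reachable in this offline
    # example, so the bind always fails (assumption of the example).
    return False


def vulnerable_signin(req):
    """Modelled flaw: the client picks the method, and the LDAP branch returns the
    looked-up user record without ever checking the supplied password."""
    username = req.get("username")
    if username not in USERS:
        return None
    if req.get("authenticate") == "LDAP":
        return {"username": username, "method": "LDAP"}  # password ignored
    if local_password_ok(username, req.get("password")):
        return {"username": username, "method": "LOCAL"}
    return None


def hardened_signin(req):
    """Hardened: the method comes from server-side user data, every branch verifies
    the credential, and a missing, empty or non-string password fails closed."""
    username, password = req.get("username"), req.get("password")
    user = USERS.get(username)
    if user is None or not isinstance(password, str) or not password:
        return None
    method = user["source"]  # the request's 'authenticate' field is ignored
    if method == "LDAP":
        ok = SERVER_LDAP_ENABLED and ldap_bind_ok(username, password)
    else:
        ok = local_password_ok(username, password)
    return {"username": username, "method": method} if ok else None
```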

Remediation

Users can upgrade to MeterSphere version 2.10.25-lts or later to address this vulnerability.

Added: Oct 22, 2025, 3:26 PM
Updated: Oct 22, 2025, 9:37 PM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 1.3
exploitability: 7.6
remediation: 7.7
relevance: 0.8
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.